Active scanning involves using software that can generate packets on the network to actively engage the targets in order to detect their presence and vulnerabilities. It is a more complex but highly scalable approach that is the most popular today. The scanner is connected to the network just as any other host. The position of the scanner relative to the targets is critical in getting the best results. We will talk more about this later.
Active scanning essentially emulates the behavior of hackers to discover targets, with one critical difference. Hackers use tools and techniques designed to conceal their activities, whereas legitimate active scanning tools do not. Scanners also can perform some of the exploits to determine susceptibility. The degree to which these exploits are performed depends on options selected in the scan configuration. Most products avoid using exploits that might have adverse effects on the target without specific selection by the administrator in the scan configuration. Furthermore, it should be understood that most commercial tools are designed to detect vulnerabilities, not exploit them. Although they can be used as part of a penetration test, there are other, more appropriate tools to complete such a task.
Advantages and Disadvantages
Some key advantages of active scanning:
- Highly scalable because scanning takes place from a central location or distributed locations of the security architect’s choice and does not require software installation on the targets.
- The technology can provide a hacker’s view of the network and targets, so the vulnerability manager can have a realistic view of their risks in the production environment.
- Potential to support any networked device, that is, not limited to a compatible platform for an agent.
- Can provide incremental information regardless of platform support (e.g., open ports, identified protocols/applications, banners) even when the VM system has not previously seen the device.
- If the target is not connected to the network, it will not be scanned. Agents can detect a vulnerability when it occurs and report the results the next time the host is connected to the network.
- A potential exists for impact on the network infrastructure since all scanning is so performed. However, some basic planning will prevent such adverse effects.
- Scanning is slower over slow network connections. This is typical in small offices with weak links. Today, we see this frequently in South America, Africa, and some parts of Asia.
1 comments:
I started on COPD Herbal treatment from Ultimate Health Home, the treatment worked incredibly for my lungs condition. I used the herbal treatment for almost 4 months, it reversed my COPD. My severe shortness of breath, dry cough, chest tightness gradually disappeared. Reach Ultimate Health Home via their website at www.ultimatelifeclinic.com . I can breath much better and It feels comfortable!
Post a Comment